RAPID7 LAUNCHES CYBER GRC EARLY ACCESS PROGRAM WITH 360 ADVANCED TO BRIDGE SECURITY OPERATIONS AND COMPLIANCE FOR ORGANIZATIONS

Rhea-AI Summary

Rapid7 (NASDAQ:RPD) launched its Cyber GRC Early Access Program with 360 Advanced to connect security operations with governance, risk, and compliance workflows.

Built on the Rapid7 Command Platform, the program targets continuous, threat-aware compliance across frameworks like SOC 2, HITRUST, ISO 27001, PCI DSS, FedRAMP, GovRAMP, and CMMC, with broader rollout planned in 2026.

AI-generated analysis. Not financial advice.

Positive

• Launch of Cyber GRC Early Access Program on the Rapid7 Command Platform
• Collaboration with 360 Advanced for integrated advisory, assessment, and assurance services

Negative

• None.

Key Figures

SOC 2 framework: SOC 2 ISO standard: ISO 27001 ISO privacy standard: ISO 27701 +5 more

8 metrics

SOC 2 framework SOC 2 Compliance framework supported by Cyber GRC initiative

ISO standard ISO 27001 Security certification framework referenced in program

ISO privacy standard ISO 27701 Privacy extension to ISO 27001 mentioned in services

AI governance standard ISO 42001 AI governance advisory services framework

Compliance framework PCI DSS Payment card security standard supported by 360 Advanced

Federal program FedRAMP Federal cloud security authorization framework mentioned

Defense framework CMMC Cybersecurity Maturity Model Certification support listed

Planned broader rollout 2026 Broader Cyber GRC availability targeted later in 2026

Market Reality Check

Price: $6.57 Vol: Volume 1,747,495 vs 20-da...

normal vol

$6.57 Last Close

Volume Volume 1,747,495 vs 20-day average 2,134,376 (0.82x average activity ahead of this news). normal

Technical Shares at $6.57, trading 75.76% below 52-week high of $27.10 and above 52-week low of $4.97, while remaining below the 200-day MA at $13.59.

Peers on Argus

RPD showed a positive move of 3.14% while key peers were mixed: ATEN (-2.32%), R...

RPD showed a positive move of 3.14% while key peers were mixed: ATEN (-2.32%), RDWR (-2.44%), VRNT (+0.05%), BASE (+0.04%), and TIXT (0.00%). No peers appeared in the momentum scanner, pointing to a company-specific move around the Cyber GRC launch and ecosystem news.

Historical Context

5 past events · Latest: May 12 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
May 12	Product/program launch	Positive	+3.1%	Introduced Cyber GRC early access program on Command Platform with key partners.
May 11	Investor conferences	Positive	-7.7%	Announced participation in two major investor conferences with webcast access.
May 05	Quarterly earnings	Neutral	-1.6%	Reported Q1 2026 results, guidance, Kenzo acquisition and platform enhancements.
Apr 09	Earnings timing	Neutral	+0.4%	Scheduled Q1 2026 earnings release and conference call details.
Mar 26	Equity inducement	Neutral	-7.5%	Reported RSU and PSU inducement grants related to Kenzo Security acquisition.

Pattern Detected

Recent news often elicits modest but directional moves; product and program launches saw a positive reaction, while conference participation and equity grant news coincided with declines.

Recent Company History

Over the last few months, Rapid7 announced multiple milestones, including Q1 2026 results, inducement equity grants tied to the Kenzo Security acquisition, investor conference participation, and the launch of its Cyber GRC early access program on May 12, 2026. That Cyber GRC launch coincided with a 3.14% gain, contrasting with declines after conference and equity grant announcements. Today’s 360 Advanced participation update extends the same Cyber GRC narrative and fits into Rapid7’s focus on governance, risk, and compliance workflows.

Market Pulse Summary

This announcement extends Rapid7’s Cyber GRC strategy by adding 360 Advanced to support frameworks l...

Analysis

This announcement extends Rapid7’s Cyber GRC strategy by adding 360 Advanced to support frameworks like SOC 2, HITRUST, and ISO standards, with broader rollout planned later in 2026. In context of recent earnings, Kenzo-related equity grants, and the initial Cyber GRC launch, it underscores a focus on governance and compliance workflows. Investors may watch adoption of Cyber GRC, additional ecosystem partners, and future filings for evidence of commercial traction.

Key Terms

governance, risk, and compliance (GRC), soc 2, hitrust, iso 27001, +4 more

8 terms

governance, risk, and compliance (GRC) regulatory

"Rapid7 Cyber Governance, Risk, and Compliance (GRC) Early Access Program"

Governance, risk, and compliance (GRC) is a company’s coordinated system for how it’s run, how it finds and manages threats, and how it follows laws and internal rules — like a business’s rulebook, warning lights, and safety procedures combined. Investors watch GRC because strong practices lower the chance of costly fines, fraud, operational failures or surprise losses, making a company more reliable and preserving long‑term value.

soc 2 regulatory

"obligations across frameworks such as SOC 2®, HITRUST®, ISO 27001, PCI DSS"

SOC 2 is an independent auditor’s report that assesses whether a company follows strict practices to keep customer data secure, available, and private—think of it as a health inspection for how a business handles sensitive information. For investors, a SOC 2 report signals lower operational and reputational risk from data breaches or service disruptions and helps judge the reliability of a company or its suppliers when digital data handling is central to value.

hitrust regulatory

"obligations across frameworks such as SOC 2®, HITRUST®, ISO 27001, PCI DSS"

HITRUST is an independent organization and a widely used security and privacy framework that helps healthcare and related companies show they protect sensitive data like patient records. Think of it as a standardized lock-and-inspection checklist auditors use to confirm an organization follows strong data security and regulatory rules. For investors, HITRUST recognition reduces the risk of costly data breaches, regulatory fines, and reputational damage, making a business a safer long-term bet.

iso 27001 regulatory

"obligations across frameworks such as SOC 2®, HITRUST®, ISO 27001, PCI DSS"

ISO 27001 is an internationally recognized standard that sets out the best practices for managing and protecting sensitive information within an organization. It acts like a security blueprint, helping companies ensure data is kept safe from theft, loss, or damage. For investors, organizations with ISO 27001 certification demonstrate a strong commitment to information security, reducing the risk of data breaches that could impact business stability and reputation.

pci dss regulatory

"obligations across frameworks such as SOC 2®, HITRUST®, ISO 27001, PCI DSS"

A set of security rules created by major payment card companies to protect credit and debit card data when businesses store, process, or transmit it. It matters to investors because compliance is like a strong lock on a store: businesses that follow these standards reduce the risk of costly data breaches, fines, legal trouble and customer loss, while noncompliance can lead to direct financial penalties and damage to reputation and revenue.

fedramp regulatory

"PCI DSS, FedRAMP®, GovRAMP™, and CMMC, many face challenges"

FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government initiative that sets security standards for cloud computing services used by federal agencies. It ensures that these online platforms protect sensitive information, similar to how a security system safeguards a building. For investors, FedRAMP indicates that a cloud service meets strict security requirements, which can influence its reliability and trustworthiness in handling data.

cmmc regulatory

"PCI DSS, FedRAMP®, GovRAMP™, and CMMC, many face challenges"

Cybersecurity Maturity Model Certification (CMMC) is a U.S. government program that sets required levels of cybersecurity for contractors handling sensitive government information. For investors, CMMC matters because it can determine whether a company is eligible to win or keep government contracts, affect compliance costs and cybersecurity investments, and influence operational risk — think of it like a safety inspection that can open or close doors to significant revenue streams.

penetration testing technical

"services that include: SOC 1 & SOC 2 Reporting... Penetration Testing & Risk Assessments"

Penetration testing is a controlled security check where experts try to break into a company’s computer systems, networks or applications to find weaknesses before real attackers do. For investors it signals how well a company manages cyber risk, potential costs from breaches or compliance failures, and the firmness of operational defenses—think of it as hiring a professional to test all the locks and alarm systems so vulnerabilities can be fixed before they cause damage.

AI-generated analysis. Not financial advice.

ST. PETERSBURG, Fla., May 13, 2026 /PRNewswire/ -- 360 Advanced, a leading cybersecurity and compliance firm, today announced its participation in the Rapid7 Cyber Governance, Risk, and Compliance (GRC) Early Access Program, designed to help organizations align security operations with compliance and risk management workflows.

Built on the Rapid7 Command Platform, the Cyber GRC program is designed to align security operations, controls, evidence collection, and risk visibility with real-time cybersecurity insights. The initiative enables organizations to move toward more continuous, operationalized compliance models in increasingly complex regulatory environments.

As organizations manage overlapping obligations across frameworks such as SOC 2^®, HITRUST^®, ISO 27001, PCI DSS, FedRAMP^®, GovRAMP™, and CMMC, many face challenges driven by disconnected systems, fragmented evidence collection, and point-in-time compliance activities. Rapid7's Cyber GRC initiative bridges these gaps by providing more continuous, threat-aware visibility into risk and control effectiveness.

"Organizations today are under increasing pressure to align security operations with governance, risk, and compliance in a way that reflects real-time conditions," said Cameron Youngblood, Chief Revenue Officer at 360 Advanced. "By collaborating with Rapid7 on this initiative, we're helping organizations connect security insights with compliance workflows to improve visibility, strengthen operational efficiency, and support ongoing compliance maturity."

As part of the Rapid7 Cyber GRC ecosystem, 360 Advanced will support organizations through integrated advisory, assessment, and assurance services across multiple frameworks and regulatory requirements.

"Businesses are moving away from treating compliance as a once-a-year audit exercise," added Youngblood. "The ability to align real-time security insights with governance and compliance workflows is an important step toward building more resilient programs and more defensible reporting."

360 Advanced delivers cybersecurity and compliance solutions to organizations ranging from emerging technology companies to Fortune 500 enterprises, with services that include:

• SOC 1 & SOC 2 Reporting
• HITRUST Assessments
• ISO 27001 & ISO 27701 Certifications
• PCI DSS Assessments
• FedRAMP & GovRAMP Services
• CMMC Readiness & Certification Support
• Penetration Testing & Risk Assessments
• AI Governance & ISO 42001 Advisory Services

The Rapid7 Cyber GRC Early Access Program is currently available to select organizations, with broader availability planned later in 2026.

To learn more about the Rapid7 Cyber GRC initiative, visit Rapid7 Cyber GRC Early Access Program.

For more information about 360 Advanced, visit the 360 Advanced website.

About 360 Advanced, Inc
360 Advanced is Making Better Businesses through their client-centric cybersecurity and compliance offerings. For nearly 20 years, 360 Advanced has delivered integrated compliance solutions to a global base of clients in a wide range of industries, from tech startups to Fortune 500 companies. Their cybersecurity and compliance offerings include ISO 27001, FedRAMP, HITRUST, SOC, Penetration Testing, Risk Assessments, and more.

360 Advanced operates under an alternative practice structure in accordance with all applicable laws, regulations, standards, and codes of conduct of the AICPA. Read full disclaimer here.

Media Contact
Keith Frechette
Director of Marketing
marketing@360advanced.com

About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is a global leader in AI-powered managed cybersecurity operations, trusted to advance organizations' cyber resilience. Open and extensible, the Rapid7 Command Platform integrates security data, enriching it with AI, threat intelligence, and 25 years of expertise and innovation to reduce risk and disrupt attackers. As a recognized leader in preemptive managed detection and response (MDR), Rapid7 unifies exposure and detection to transform the cybersecurity operations of more than 11,500 customers worldwide. For more information, visit www.rapid7.com.

View original content to download multimedia:https://www.prnewswire.com/news-releases/rapid7-launches-cyber-grc-early-access-program-with-360-advanced-to-bridge-security-operations-and-compliance-for-organizations-302771166.html

SOURCE 360 Advanced

FAQ

What is Rapid7 (NASDAQ:RPD) Cyber GRC Early Access Program with 360 Advanced?

The Cyber GRC Early Access Program is a Rapid7 initiative aligning security operations with governance, risk, and compliance workflows. According to Rapid7, it uses the Command Platform to connect controls, evidence collection, and risk visibility with real-time cybersecurity insights for more continuous compliance.

How does Rapid7 Cyber GRC help organizations manage SOC 2, HITRUST, ISO 27001, PCI DSS, FedRAMP, GovRAMP, and CMMC requirements?

Rapid7 Cyber GRC is designed to support overlapping obligations across major frameworks by centralizing security and compliance workflows. According to Rapid7, it addresses disconnected systems and fragmented evidence collection with more continuous, threat-aware visibility into risk and control effectiveness.

What role does 360 Advanced play in Rapid7 (RPD) Cyber GRC ecosystem?

360 Advanced participates as a partner providing advisory, assessment, and assurance services within the Cyber GRC ecosystem. According to Rapid7, 360 Advanced supports organizations across multiple frameworks and regulations, helping connect security insights with compliance workflows and ongoing compliance maturity.

When will Rapid7 Cyber GRC move beyond its Early Access Program phase?

Rapid7 Cyber GRC Early Access is currently limited to select organizations, with wider availability expected later in 2026. According to Rapid7, the current phase focuses on early adopters before expanding access more broadly to additional customers.

What services does 360 Advanced offer alongside Rapid7 Cyber GRC for enterprise security and compliance?

360 Advanced offers SOC 1 and SOC 2 reporting, HITRUST assessments, ISO 27001 and 27701 certifications, PCI DSS and FedRAMP services. According to 360 Advanced, it also provides CMMC support, penetration testing, risk assessments, and AI governance and ISO 42001 advisory services.

How can organizations join the Rapid7 (NASDAQ:RPD) Cyber GRC Early Access Program?

Organizations can currently participate in Rapid7 Cyber GRC through a select Early Access cohort, with broader access planned in 2026. According to Rapid7, interested companies can learn more and explore participation via the Rapid7 Cyber GRC Early Access Program website.